means AbraTax Limited (“AbraTax”, “we”, “us” and “our”) is committed to respecting your privacy. We are registered in the UK and our registered address is at 15 Halesworth Court, 7 Alfred Street, London, United Kingdom, E3 2BE, and our company registration number is 14047081.
About this Privacy Notice
This Privacy Notice concerns the following categories of information that we collect about you:
•
Information we receive through our website (the "AbraTax Website")
•
Information we receive through our services (the "AbraTax Services")
Our Privacy Notice explains the basis on which we process your Personal Data, whether it is data you provide directly to us, data we generate, or data we receive from other sources about you.
Data Controller and Data Processor Roles
AbraTax operates as both a Data Controller and a Data Processor:
•
As a Data Controller, we determine the purposes and means of processing Personal Data collected directly through our website, for business administration, communications, or legal compliance.
•
As a Data Processor, we process Personal Data on behalf of our Customers when providing the AbraTax Services. In such cases, the individuals and organisations using our Services (our Customer) act as the Data Controller.
For clarity, this Privacy Notice applies to our activities as a Data Controller. When we act as a Data Processor, we process Personal Data under the instructions of our Customers, and their privacy policies govern how Personal Data is handled.
“Personal Data” means any information relating to an identified or identifiable living individual. An identifiable individual is one who can be identified, directly or indirectly, from that information alone or in combination with other information that is or is likely to come into the possession of AbraTax.
Please take the time to read and understand this Privacy Notice.
Personal data that we collect about you
We will collect and process the following Personal Data about you:
•
Information that you provide to us
•
This includes information about you that you provide by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include your name, contact number, email address, job title, payment information (such as bank account detailswhen necessary for processing payments via invoices), and account login information (username and password). Payment information will only be used for payment purposes. Payment data is retained only as long as necessary to complete the transaction and meet our legal and accounting obligations. If no longer required, it can be deleted upon request.
•
We use Stripe as a third-party payment processor to handle payments on our behalf. When you enter your payment information (such as your card or bank details), this information is transmitted directly to Stripe, which securely processes the payment in compliance with PCI-DSS standards. We do not store your full payment details; we only receive a transaction confirmation from Stripe. For more information on how Stripe protects your data, please refer to Stripe’s Privacy Policy.
•
Information we collect or generate about you
This includes:
•
Contact and User Support History: A file with your contact interactions and user preferences. This information is used to respond effectively to your enquiries and requests, and to ensure your satisfaction with the services we provide (e.g., when you reach out to us for IT or technical support). This data is retained to address and resolve your inquiries and to improve our services.
•
Technical Information: We collect certain information automatically when you access our website, including IP addresses, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and device-specific details. This data may be collected through cookies and similar tracking technologies. For more information on our use of cookies, please refer to our Cookies Policy.
•
Traffic and Security Monitoring: We generate reports accessible through our platform that provide information on the internet usage by users within your organisation. This includes details about websites visited, documents downloaded, security incidents, and any preventive measures taken by our security systems. These reports are used solely for monitoring and maintaining the security of the organisation’s network.
•
User Analytics and Website Interaction: We may collect data on user interactions, such as pages visited, time spent on each page, scroll depth, and navigation patterns. This data helps us understand how users interact with our website, allowing us to improve content, layout, and user experience.
•
Error Logs and Performance Data: In the event of technical issues, we may log error data, which includes information related to the functionality of our site and the performance of our servers. This helps us identify and resolve issues quickly to provide a seamless experience.
•
Advertising and Referral Data: We may also collect information on how you found our website (e.g., through a search engine or referral link) and your interactions with any advertisements, if applicable. This information allows us to assess the effectiveness of our marketing efforts.
•
Uses of your Personal Data
AbraTax may store and process your Personal Data in the following ways and for the purposes listed below:
•
Assessing Your Organization's Application: To evaluate and process the application submitted by you or your organisation to use the AbraTax Services, if relevant;
•
Providing Services Access and Functionality: To enable you to access and use the features and functionality of the AbraTax Services;
•
User Access Setup: To establish and manage your individual access to the AbraTax Services, if relevant;
•
Business Operations and Administration: To support and manage our business activities, including maintaining accurate records and managing client relationships;
•
Understanding User Needs: To better understand your needs and interests to improve service relevance;
•
Communication: To provide updates on AbraTax Services that may interest you or your organization, subject to any preferences you have expressed;
•
Website Improvement and Security: To continuously update and enhance the information and usability of the AbraTax website, as well as detect and prevent potential security threats or cyber-attacks.
•
User Feedback and Service Support: To gather feedback on the AbraTax Services and to offer quick and effective support for any questions about their use;
•
Data Analysis for Security: To conduct analyses for detecting and addressing malicious data and understanding its impact on IT systems;
•
Monitoring and Threat Adaptation: To carry out statistical monitoring and analysis of on-going cyber threats, adapting our security solutions to address evolving risks;
•
Detailed Threat Analysis: To conduct in-depth assessments of potential and emerging threats for enhanced security responses;
•
Compliance with Legal and Regulatory Standards: To ensure and evaluate adherence to all relevant laws, rules, regulations, and internal policies;
•
Automated Decisions and Profiling: We may use automated decision-making and profiling in our services to enhance user experience. This may involve analyzing your data to provide targeted content, marketing, or personalized recommendations. If you wish to know more about how your data is being used for these purposes or to exercise your rights in relation to automated decision-making and profiling, please contact our Data Protection Officer.
These uses are based on AbraTax’s legitimate interests in providing, improving and protecting its services, as well as the performance of any agreement with your or your organization. We will only retain your Personal Data for as long as necessary to fulfil these purposes and in compliance with data retention guidelines.
•
Legal Basis for Using Your Personal Data: We are entitled to process your Personal Data for the purposes outlined above because:
•
Performance of a Contract: We need to process your Personal Data to fulfil our contractual obligations with you or your organization;
•
Consent: We have obtained your explicit consent to process your Personal Data for specific purposes;
•
Legal and Regulatory Compliance: We may process your Personal Data to comply with our legal and regulatory obligations;
•
Establishing, Exercising, or Defending Legal Rights: We may process your Personal Data if necessary for establishing, exercising, or defending our legal rights, including for legal proceedings; and/or
•
Legitimate Business Interests: The processing of your Personal Data is also necessary for the pursuit of our legitimate business interests, including:
•
efficiently managing and administering the operation of our business;
•
ensuring compliance with internal policies and procedures;
•
monitoring and protecting our intellectual property and copyrighted materials;
•
providing quick and easy access to information about the AbraTax Services;
•
maintaining and enhancing the security of our IT systems; and
•
gaining insights into current network security threats to improve and adapt our security solutions.
We ensure that our legitimate interests do not override your data protection rights. Your Personal Data is processed in line with all applicable laws and regulations and is only retained for as long as necessary to fulfil the purposes outlined.
•
Disclosure of your information to third parties
•
We may share anonymised and aggregated data with third parties for research, analytical, or business development purposes. This data does not include any information that can identify you personally.
•
From time to time, we may offer to connect you with carefully selected third-party providers (e.g., wealth management firms for tailored financial advice or introductions). We will only share your personal data with your explicit consent. You may withdraw your consent at any time.
•
Transfers of Personal Data outside the European Economic Area (EEA)
We may transfer your personal data to countries outside the European Economic Area (EEA), including the United States, where some of our third-party service providers are based. When we do so, we ensure that appropriate safeguards are in place.
•
How we safeguard your Personal Data
•
Security Measures and Access Controls: We employ security measures to protect your Personal Data and our information and information systems. Personal Data and client files are safeguarded based on their sensitivity, with appropriate security protocols such as restricted access implemented on our systems. Physical access to areas where Personal Data is collected, processed or stored is limited strictly to authorised personnel.
•
Employee Data Protection Compliance: Our employees are required, as a condition of employment, to comply with all applicable laws and regulations, including data protection laws. Access to your Personal Data is limited to those employees who need to perform their job responsibilities. Unauthorised access, use, or disclosure of client information by any employee is prohibited and may lead to disciplinary action.
•
Identity Verification: When contacting AbraTax regarding your file, we may ask for specific Personal Data to verify your identity. This additional measure ensures that only you, or an individual authorised by you, can access your information.
•
Retention of Personal Data
The length of time we retain your Personal Data depends on several factor, including:
•
Purpose of Data Use: We retain your Personal Data for as long as necessary to provide our services and fulfill the purposes for which it was collected. We are currently reviewing and improving our data retention processes to ensure compliance with applicable data protection regulations, including secure deletion or anonymisation when data is no longer needed.
•
Legal and Regulatory Requirements: In some cases, laws or regulations require us to retain your Personal Data for a specified minimum period. We comply with these obligations to ensure we meet all applicable legal standards.
•
Self-Assessment Data: We may retain self-assessment data for 7 years to address queries, resolve issues, or ensure the integrity of our services. Beyond this period, such data will be securely deleted or anonymized unless required for compliance purposes.
After the applicable retention period, we will securely delete, anonymize, or otherwise safely dispose of your Personal Data to protect your privacy.
•
Your rights
Under data protection law, you have several rights regarding the Personal Data we hold about you, including:
•
Right to Information and Access: You have the right to be informed about how we process your Personal Data and to request access to the Personal Data we hold about you;
•
Right to Withdraw Consent: Where we rely on your consent to process your Personal Data, you can withdraw that consent any time. However, please note, that we may still be entitled to process your Personal Data if we have a legal basis other than consent;
•
Right to Data Portability: In certain situations, you have the right to receive a copy of the Personal Data you provided to us in a structured, commonly used and machine-readable format, and/or request that we transfer this data to a third party if technically feasible. This right applies only to Personal Data you have provided to us;
•
Right to Rectification: If your Personal Data is inaccurate or incomplete, you have the right to request that we correct or update it;
•
Right to Erasure: You can request that we delete your Personal Data in certain circumstances, such as when it is no longer necessary for the purpose it was collected. However, we may retain certain data if required by law;
•
Right to Object and Restrict Processing: You have the right to object to or request that we limit our processing of your Personal Data in specific situations. Please note that there may be cases where we are legally permitted to continue processing your data despite your request; and
•
Right to Lodge a Complaint: If you believe we have infringed any of your rights, you have the right to lodge a complaint with the relevant data protection authority. In the UK, this is the Information Commissioner’s Office (“ICO”), which can be contacted or visited at https://ico.org.uk/.
•
You may exercise any of these rights by contacting us via the details provided in the “Contacting us” section below.
•
Further Information on Your Rights
To learn more about your data protection rights, you can contact the Information Commissioner’s Office directly or visit their website at https://ico.org.uk/.
•
Contacting us
If you have questions about how we collect, use, disclosure, transfer or process your Personal Data, or if you wish to exercise any of your data protection rights, please reach out to us at support@abratax.co.uk.
•
Updates to This Privacy Notice
We may update this Privacy Notice from time to time. Changes will be posted on this page with an updated revision date. Last updated: 2 January 2025. Data Protection Officer, dpo@abratax.co.uk.
